From 83bb1c93cb6ed708831dd2bc9ab1f62c31845dd5 Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati
Date: Wed, 30 Mar 2005 22:29:35 +0000
Subject: [PATCH] allow setting misc params used by ACL checking
---
 servers/slapd/slapacl.c | 15 +++++++--
 servers/slapd/slapcommon.c | 67 ++++++++++++++++++++++++++++++++++++--
 servers/slapd/slapcommon.h | 16 +++++++++
 3 files changed, 94 insertions(+), 4 deletions(-)
diff --git a/servers/slapd/slapacl.c b/servers/slapd/slapacl.c
index 59d22ecd90..4c2a8e7960 100644
--- a/servers/slapd/slapacl.c
+++ b/servers/slapd/slapacl.c
@@ -39,8 +39,9 @@ slapacl( int argc, char **argv )
 {
 int rc = EXIT_SUCCESS;
 const char *progname = "slapacl";
- Connection conn = {0};
- char opbuf[OPERATION_BUFFER_SIZE];
+ Connection conn = { 0 };
+ Listener listener;
+ char opbuf[OPERATION_BUFFER_SIZE];
 Operation *op;
 Entry e = { 0 };
 char *attr = NULL;
@@ -53,6 +54,16 @@ slapacl( int argc, char **argv )
 op = (Operation *)opbuf;
 connection_fake_init( &conn, op, &conn );
+ conn.c_listener = &listener;
+ conn.c_listener_url = listener_url;
+ conn.c_peer_domain = peer_domain;
+ conn.c_peer_name = peer_name;
+ conn.c_sock_name = sock_name;
+ op->o_ssf = ssf;
+ op->o_transport_ssf = transport_ssf;
+ op->o_tls_ssf = tls_ssf;
+ op->o_sasl_ssf = sasl_ssf;
+
 if ( !BER_BVISNULL( &authcID ) ) {
 rc = slap_sasl_getdn( &conn, op, &authcID, NULL, &authcDN, SLAP_GETDN_AUTHCID );
diff --git a/servers/slapd/slapcommon.c b/servers/slapd/slapcommon.c
index ab0048db05..a5120dfc3b 100644
--- a/servers/slapd/slapcommon.c
+++ b/servers/slapd/slapcommon.c
@@ -55,7 +55,8 @@ usage( int tool, const char *progname )
 switch( tool ) {
 case SLAPACL:
 options = "\n\t[-U authcID | -D authcDN]"
- " -b DN [attr[/access][:value]] [...]\n";
+ " -b DN -o [=]"
+ "\n\t[attr[/access][:value]] [...]\n";
 break;
 case SLAPADD:
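Review bot: In servers/slapd/slapacl.c, `Listener listener;` is declared without an initializer although `conn` and `e` beside it are zeroed, and the second hunk then publishes its address with `conn.c_listener = &listener;`. If any ACL or SASL code reached from slapacl() reads a field through `c_listener` (not visible in this diff), it sees indeterminate stack contents, and the access verdict the tool prints could vary between runs. Declaring it as `Listener listener = { 0 };` keeps it consistent with the neighbouring declarations. slapacl() starts before the first hunk and continues past the second.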
@@ -91,6 +92,62 @@ usage( int tool, const char *progname )
 exit( EXIT_FAILURE );
 }
+static int
+parse_slapacl( void )
+{
+ size_t len;
+ char *p;
+
+ p = strchr( optarg, '=' );
+ if ( p == NULL ) {
+ return -1;
+ }
+
+ len = p - optarg;
+ p++;
+
+ if ( strncasecmp( optarg, "sockurl", len ) == 0 ) {
+ if ( !BER_BVISNULL( &listener_url ) ) {
+ ber_memfree( listener_url.bv_val );
+ }
+ ber_str2bv( p, 0, 1, &listener_url );
+
+ } else if ( strncasecmp( optarg, "domain", len ) == 0 ) {
+ if ( !BER_BVISNULL( &peer_domain ) ) {
+ ber_memfree( peer_domain.bv_val );
+ }
+ ber_str2bv( p, 0, 1, &peer_domain );
+
+ } else if ( strncasecmp( optarg, "peername", len ) == 0 ) {
+ if ( !BER_BVISNULL( &peer_name ) ) {
+ ber_memfree( peer_name.bv_val );
+ }
+ ber_str2bv( p, 0, 1, &peer_name );
+
+ } else if ( strncasecmp( optarg, "sockname", len ) == 0 ) {
+ if ( !BER_BVISNULL( &sock_name ) ) {
+ ber_memfree( sock_name.bv_val );
+ }
+ ber_str2bv( p, 0, 1, &sock_name );
+
+ } else if ( strncasecmp( optarg, "ssf", len ) == 0 ) {
+ ssf = atoi( p );
+
+ } else if ( strncasecmp( optarg, "transport_ssf", len ) == 0 ) {
+ transport_ssf = atoi( p );
+
+ } else if ( strncasecmp( optarg, "tls_ssf", len ) == 0 ) {
+ tls_ssf = atoi( p );
+
+ } else if ( strncasecmp( optarg, "sasl_ssf", len ) == 0 ) {
+ sasl_ssf = atoi( p );
+
+ } else {
+ return -1;
+ }
+
+ return 0;
+}
 /*
 * slap_tool_init - initialize slap utility, handle program options.
@@ -157,7 +214,7 @@ slap_tool_init(
 break;
 case SLAPACL:
- options = "b:D:d:f:F:U:v";
+ options = "b:D:d:f:F:o:U:v";
 mode |= SLAP_TOOL_READMAIN | SLAP_TOOL_READONLY;
 break;
@@ -209,6 +266,12 @@ slap_tool_init(
 dbnum = atoi( optarg );
 break;
+ case 'o':
+ if ( parse_slapacl() ) {
+ usage( tool, progname );
+ }
+ break;
+
 case 'q': /* turn on quick */
 mode |= SLAP_TOOL_QUICK;
 break;
diff --git a/servers/slapd/slapcommon.h b/servers/slapd/slapcommon.h
index 8d6c94113f..e3def431a5 100644
--- a/servers/slapd/slapcommon.h
+++ b/servers/slapd/slapcommon.h
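Review bot: In parse_slapacl() (servers/slapd/slapcommon.c) every keyword test is `strncasecmp( optarg, "sockurl", len ) == 0` with `len` taken from the text before `=`, so any prefix of a keyword matches, an empty key (`len` == 0) matches the first branch, and an ambiguous prefix goes to whichever branch comes first in the chain. slapacl is used to judge what an ACL grants, so a mistyped key that silently sets a different parameter produces a misleading verdict; comparing the length as well lets unknown keys reach the existing `return -1`. The four SSF branches use `atoi( p )`, which accepts trailing garbage and gives no error for non-numeric or negative input before the value is stored in a `slap_ssf_t`. The fence below shows one string key and one numeric key rewritten, with the remaining branches following the same pattern.

```c
/* parse a decimal SSF value; reject empty, signed or trailing text */
static int
parse_ssf( const char *s, slap_ssf_t *out )
{
	char *end;
	unsigned long v;

	if ( *s < '0' || *s > '9' ) {
		return -1;
	}
	v = strtoul( s, &end, 10 );
	if ( *end != '\0' ) {
		return -1;
	}
	*out = v;	/* NOTE(review): add a range check against slap_ssf_t's width */
	return 0;
}

/* … unchanged: parse_slapacl() header, strchr() on '=', len = p - optarg; p++ … */

/* require the whole keyword, not just a prefix of it */
#define KEY_IS( k ) \
	( len == sizeof( k ) - 1 && strncasecmp( optarg, k, len ) == 0 )

	if ( KEY_IS( "sockurl" ) ) {
	/* … unchanged: free and replace listener_url; same test for domain, peername, sockname … */

	} else if ( KEY_IS( "ssf" ) ) {
		if ( parse_ssf( p, &ssf ) ) {
			return -1;
		}
	/* … same for transport_ssf, tls_ssf, sasl_ssf; unchanged: final else and return 0 … */
```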
@@ -48,6 +48,14 @@ typedef struct tool_vars {
 struct berval tv_authzID;
 struct berval tv_mech;
 char *tv_realm;
+ struct berval tv_listener_url;
+ struct berval tv_peer_domain;
+ struct berval tv_peer_name;
+ struct berval tv_sock_name;
+ slap_ssf_t tv_ssf;
+ slap_ssf_t tv_transport_ssf;
+ slap_ssf_t tv_tls_ssf;
+ slap_ssf_t tv_sasl_ssf;
 } tool_vars;
 extern tool_vars tool_globals;
@@ -67,6 +75,14 @@ extern tool_vars tool_globals;
 #define authzID tool_globals.tv_authzID
 #define mech tool_globals.tv_mech
 #define realm tool_globals.tv_realm
+#define listener_url tool_globals.tv_listener_url
+#define peer_domain tool_globals.tv_peer_domain
+#define peer_name tool_globals.tv_peer_name
+#define sock_name tool_globals.tv_sock_name
+#define ssf tool_globals.tv_ssf
+#define transport_ssf tool_globals.tv_transport_ssf
+#define tls_ssf tool_globals.tv_tls_ssf
+#define sasl_ssf tool_globals.tv_sasl_ssf
 void slap_tool_init LDAP_P(( const char* name,
-- 
2.39.5
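Review bot: In servers/slapd/slapcommon.h the new `#define ssf tool_globals.tv_ssf` (and likewise `peer_name`, `sock_name`, `tls_ssf`, `sasl_ssf`) turns a short, commonly used identifier into a macro for every file that includes this header, so a local, parameter or struct member with one of those names in such a file would be silently rewritten. This follows the header's existing `mech`/`realm` convention, so I am not asking for a rename, but the hazard deserves a comment above the block, e.g. `/* NOTE: these names are macros; do not reuse them as locals or member names in the tools */`. The new `tool_vars` fields in the first hunk could also carry a one-line comment saying that, in this patch, they are set only by slapacl's `-o` handling.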